feat: remove force change default pin
This commit is contained in:
5
.gitignore
vendored
5
.gitignore
vendored
@@ -1,13 +1,10 @@
|
|||||||
|
.idea/
|
||||||
# ---> Rust
|
# ---> Rust
|
||||||
# Generated by Cargo
|
# Generated by Cargo
|
||||||
# will have compiled files and executables
|
# will have compiled files and executables
|
||||||
debug/
|
debug/
|
||||||
target/
|
target/
|
||||||
|
|
||||||
# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
|
|
||||||
# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
|
|
||||||
Cargo.lock
|
|
||||||
|
|
||||||
# These are backup files generated by rustfmt
|
# These are backup files generated by rustfmt
|
||||||
**/*.rs.bk
|
**/*.rs.bk
|
||||||
|
|
||||||
|
|||||||
2869
Cargo.lock
generated
Normal file
2869
Cargo.lock
generated
Normal file
File diff suppressed because it is too large
Load Diff
@@ -1 +0,0 @@
|
|||||||
1.60.0
|
|
||||||
82
src/key.rs
82
src/key.rs
@@ -9,7 +9,7 @@ use age_plugin::{identity, Callbacks};
|
|||||||
use bech32::{ToBase32, Variant};
|
use bech32::{ToBase32, Variant};
|
||||||
use dialoguer::Password;
|
use dialoguer::Password;
|
||||||
use log::{debug, error, warn};
|
use log::{debug, error, warn};
|
||||||
use std::convert::Infallible;
|
// use std::convert::Infallible;
|
||||||
use std::fmt;
|
use std::fmt;
|
||||||
use std::io;
|
use std::io;
|
||||||
use std::iter;
|
use std::iter;
|
||||||
@@ -290,7 +290,7 @@ fn request_pin<E>(
|
|||||||
|
|
||||||
pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
||||||
const DEFAULT_PIN: &str = "123456";
|
const DEFAULT_PIN: &str = "123456";
|
||||||
const DEFAULT_PUK: &str = "12345678";
|
// const DEFAULT_PUK: &str = "12345678";
|
||||||
|
|
||||||
eprintln!();
|
eprintln!();
|
||||||
let pin = Password::new()
|
let pin = Password::new()
|
||||||
@@ -303,45 +303,45 @@ pub(crate) fn manage(yubikey: &mut YubiKey) -> Result<(), Error> {
|
|||||||
.interact()?;
|
.interact()?;
|
||||||
yubikey.verify_pin(pin.as_bytes())?;
|
yubikey.verify_pin(pin.as_bytes())?;
|
||||||
|
|
||||||
// If the user is using the default PIN, help them to change it.
|
// // If the user is using the default PIN, help them to change it.
|
||||||
if pin == DEFAULT_PIN {
|
// if pin == DEFAULT_PIN {
|
||||||
eprintln!();
|
// eprintln!();
|
||||||
eprintln!("{}", fl!("mgr-change-default-pin"));
|
// eprintln!("{}", fl!("mgr-change-default-pin"));
|
||||||
eprintln!();
|
// eprintln!();
|
||||||
let current_puk = Password::new()
|
// let current_puk = Password::new()
|
||||||
.with_prompt(fl!("mgr-enter-current-puk", default_puk = DEFAULT_PUK))
|
// .with_prompt(fl!("mgr-enter-current-puk", default_puk = DEFAULT_PUK))
|
||||||
.interact()?;
|
// .interact()?;
|
||||||
let new_pin = loop {
|
// let new_pin = loop {
|
||||||
let pin = request_pin(
|
// let pin = request_pin(
|
||||||
|prev_error| {
|
// |prev_error| {
|
||||||
if let Some(err) = prev_error {
|
// if let Some(err) = prev_error {
|
||||||
eprintln!("{}", err);
|
// eprintln!("{}", err);
|
||||||
}
|
// }
|
||||||
Password::new()
|
// Password::new()
|
||||||
.with_prompt(fl!("mgr-choose-new-pin"))
|
// .with_prompt(fl!("mgr-choose-new-pin"))
|
||||||
.with_confirmation(fl!("mgr-repeat-new-pin"), fl!("mgr-pin-mismatch"))
|
// .with_confirmation(fl!("mgr-repeat-new-pin"), fl!("mgr-pin-mismatch"))
|
||||||
.interact()
|
// .interact()
|
||||||
.map(|pin| Result::<_, Infallible>::Ok(SecretString::new(pin)))
|
// .map(|pin| Result::<_, Infallible>::Ok(SecretString::new(pin)))
|
||||||
},
|
// },
|
||||||
yubikey.serial(),
|
// yubikey.serial(),
|
||||||
)?
|
// )?
|
||||||
.unwrap();
|
// .unwrap();
|
||||||
if pin.expose_secret() == DEFAULT_PIN {
|
// if pin.expose_secret() == DEFAULT_PIN {
|
||||||
eprintln!("{}", fl!("mgr-nope-default-pin"));
|
// eprintln!("{}", fl!("mgr-nope-default-pin"));
|
||||||
} else {
|
// } else {
|
||||||
break pin;
|
// break pin;
|
||||||
}
|
// }
|
||||||
};
|
// };
|
||||||
let new_pin = new_pin.expose_secret();
|
// let new_pin = new_pin.expose_secret();
|
||||||
yubikey
|
// yubikey
|
||||||
.change_puk(current_puk.as_bytes(), new_pin.as_bytes())
|
// .change_puk(current_puk.as_bytes(), new_pin.as_bytes())
|
||||||
.map_err(|e| match e {
|
// .map_err(|e| match e {
|
||||||
yubikey::Error::PinLocked => Error::PukLocked,
|
// yubikey::Error::PinLocked => Error::PukLocked,
|
||||||
yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
|
// yubikey::Error::WrongPin { tries } => Error::WrongPuk(tries),
|
||||||
_ => Error::YubiKey(e),
|
// _ => Error::YubiKey(e),
|
||||||
})?;
|
// })?;
|
||||||
yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
// yubikey.change_pin(pin.as_bytes(), new_pin.as_bytes())?;
|
||||||
}
|
// }
|
||||||
|
|
||||||
if let Ok(mgm_key) = MgmKey::get_protected(yubikey) {
|
if let Ok(mgm_key) = MgmKey::get_protected(yubikey) {
|
||||||
yubikey.authenticate(mgm_key)?;
|
yubikey.authenticate(mgm_key)?;
|
||||||
|
|||||||
Reference in New Issue
Block a user